The New School of Cyber Defense

The old school of cyber defense emphasized securing infrastructure and restricting data flows, but data needs to run freely to power our organizations. The new school of cyber defense calls for security that is agile and intelligent. It emphasizes protecting the interactions between our users, our applications, and our data.

The world has changed, and we must change the way we secure it. Join Frank Mong, VP & General Manager of Security Solutions, and hear why you need to secure your cloud services, data (wherever it is), and apps (wherever they run).

Growing exposure to IT risks has made organizations across industries volatile. Recent IT vendor incidents, such as data and security breaches and violations of privacy guidelines, which caused substantial fines, penalties, and loss of brand value, highlight that IT vendor risks are business risks and require focus from the leadership. An immature ITVRM program limits the insights that are necessary for strengthening vendor relationships and building a robust ERM program. Rather than treating each risk in isolation, organizations need an integrated approach to manage risks holistically and in line with their business operations and objectives. With the growing dependency on IT and IT vendors, organizations need to align enterprise and IT VRM objectives to build a resilient framework suitable for today’s environment.

During the session, panelists will discuss how organizations can strengthen vendor management in the current landscape and improve business performance.

- Causes of vendor risk incidents and their impact on the enterprise
- Best approach to align IT vendor risk to enterprise risk
- Building a mature VRM program
- Role of technology in integrating vendor risk into enterprise risk management

Cyber space is composed of, and dependent on, supply chains. Our hardware and software are created in multiple locations by a multitude of suppliers and vendors. A single PC board may contain chips from many different nations, each with their own companies and manufacturing plants. Software is highly dependent on updates, which we receive mostly automatically and which are directly incorporated into the software we depend on daily.

We, as a society, are getting more skilled at protecting our technology from cyber-attack by hardening our network perimeters, improving anti-virus/malware tools and encrypting everything we can. The one thing we DO NOT do is evaluate what our cyber supply chains are. We understand their importance to our daily tasks, to our lifestyles, and to our incomes. We need to look into what our supply chains really are, understand their functionality and investigate ways to begin protecting them.

Organizations are suffering from volatility across all risk types, and in every organization, there are a multitude of applications and devices with threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements, and senior management are being pressured to improve enterprise risk management capabilities.

An organization’s enterprise risk management (ERM) program can be a powerful management tool for achieving strategic and operational objectives, but it can be difficult to maintain and grow over time. If an ERM program is not moving forward it stagnates, so executives need to implement a program that evolves with the times. Implementation has its challenges but there are a range of responses that can be effective for each ERM program challenge. In this webinar our experts discuss these responses and address some of the ways to implement an evolving GRC program that gets boardroom backing.

Every company has sensitive and confidential data. It's important that we maintain data security and compliance within our retail teams and handle that data properly. It's equally important to prevent malware from infecting servers and computers and to protect the information and data coming into your organization.

Learn how to ensure privacy and security of sensitive production data by managing devices and channels within and outside your organization.

Privacy vs. security, security vs. privacy… the debate is ongoing. Why can’t we have both? Good news: by leveraging the appropriate mix of policies, procedures and enabling technologies, it is possible to secure data AND control access to it in a way that ensures proper application of privacy policies.

After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.

While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.

Personal data of individuals – consumers and employees – is in constant motion across international borders. Nonetheless, existing privacy laws purport to prohibit organizations in many countries from transferring data to another jurisdiction in the absence of adherence to various legal frameworks or contractual mechanisms designed to enhance the protection of personal data.

Those legal frameworks suffered a blow last year when the European Court of Justice struck down the 15-year-old Safe Harbor Framework. A year later, the EU-US Privacy Shield Framework has been approved as a replacement, and many companies have begun to certify, but the new Framework remains subject to potential legal challenge. Other European data transfer mechanisms – standard contractual clauses and Binding Corporate Rules – are also subject to legal challenge. And other jurisdictions around the globe, in South America, Asia and elsewhere, are imposing restrictions on the transfer of personal data and in some cases even calling for data localization. Yet, data continues to flow in real-time.

What does it mean in the real world? What are the real risks for multinational data owners and for service providers that process data of such data controllers? This presentation will distinguish fact from fiction and provide practical tools for companies that are struggling (understandably) to wrap their virtual arms around the world.

We have traded off our privacy rights for security, and our security processes for convenience. This is compromising the culture of high reliability in the American workplace. By de-engineering our need for ‘convenience’ back to our requirement for ‘security’ and ultimately back to our ‘privacy rights’ we can assess and define the steps required to develop a new methodology in the virtual world, addressing our perception of Privacy vs Security, and the need for both.

George Vroustouris, Founder of Undo Identity Theft, has spent more than 6 years researching and studying the risks and impact surrounding the theft of personally identifiable information (PII), the sensitive personal data used to commit identity fraud. Join this presentation and learn about the privacy and security risks as our lives are becoming increasingly digitized.

The unprecedented growth and adoption of connected devices has created innumerable new threats for organizations, manufacturers and consumers, while at the same time creating unprecedented opportunities for hackers.

In this webcast, join well-known hacker and bug hunting advocate Jason Haddix as he analyzes the evolution of IoT security and the mistakes and developments that have led us to where we are today. With experience working to attack and defend IoT applications, Haddix will explore what it takes to effectively hack connected devices, and how the role of defenders has evolved in this space.

Lee Godby, Director of Business Development and Andreas Zindel, Director of Technical Business Development at Centrify

Today, more and more security breaches are being reported - Home Depot, Target, Sony, Anthem, and Office of Personnel Management (OPM) to name a few. There are numerous attack vectors, but the most prevalent vector is compromised credentials. So how can corporations or entities protect themselves from these types of attacks, while ensuring the privacy of employees and customers? In this discussion, understand how to empower your employees through multi-factor authentication (MFA), while significantly reducing the chances of having a “Strategic Corporal” bring down your operation.

In May 2018, a new data privacy law comes into effect and any organisation with data on the 500+ million citizens of the European Union (EU) has to comply. Fines can be up to 4% of revenue, mandatory data loss notification to regulators and users comes into force, and class action lawsuits will land on the desk of anyone unfortunate enough to lose data. As with any data loss incident, these costs may be dwarfed by the loss of brand image and customers choosing not to do business with you again.

Unmanaged cloud could be your weakest link, so what do you need to do?

Join us for this webinar where the author of “GDPR – An Action Guide for IT” will speak and you will learn:

· The top ten points of the new regulation
· Which departments in your organisation need to be part of the GDPR-Readiness Team
· What you need to do today, what you can leave until tomorrow
· Policies for collecting, processing, transferring and deleting data
· 25 questions to ask yourselves to ensure you are ready

HPE Project and Portfolio Management 9.40 was recently released with some significant updates and improvements. This webinar will introduce the new features included in this release and how those features can help you improve your project and program processes.

Features being covered include:

NEW! Program type for true program lifecycle governance and management
NEW! Program UI
· Easier tracking of issues, risks and scope changes

Join this interactive webinar to see how you can leverage the concept of secure content management to support privacy and information security transparently within your information governance program. You will also learn how the need for security, business continuity and data protection can be balanced with collaboration and productivity expectations to successfully deliver the desired business outcomes for your stakeholders and customers. There will be opportunity throughout the session to share your thoughts and experiences and answer any questions.

Three-quarters of Americans believe that control over their personal data is very important, but only 9% believe they have this control. Up until now, data governance and protection have been a low priority for brands, but the long-term impact of a data breach can lead to a loss of consumer confidence – not to mention massive financial implications. How do you balance the opportunity to provide the best customer experience with the increasing responsibilities in data privacy and security?

In this webinar, we’ll discuss five industry best practices for building an effective data governance plan. From the vendors you choose to work with, to the policies and practices in place today, learn how to make sense of the current legal landscape and how Tealium’s solutions allow you to provide these safeguards to your customers.

Security failures with millions of stolen credit cards have become an all too normal part of the news. The Payment Card Industry (PCI) has issued a standard for companies and service providers for handling credit cards to mitigate the risk of these breaches. Implementing a PCI certified environment requires a coordinated and sustained commitment to security by adopting policies, writing procedures, and an ability to successfully demonstrate compliance during audits.

A number of PCI standards require the implementation of Server Configuration Management (SCM). SCM is an integral tool of DevOps. It is invaluable for meeting PCI requirements that are technical and need documentation. This discussion will review security challenges, which PCI requirements can be met with SCM and how to successfully implement SCM to meet PCI standards.

The majority of security breaches are due to attackers getting a hold of compromised credentials. Join this talk and learn the security risks associated with human errors, and how to minimize your organization's risk exposure.

This presentation will cover:
- Why it's crucial to train employees to recognize and defend against cyber threats
- What many training initiatives get wrong
- How you can leverage the science of learning to create engaging training that changes behavior

With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.

Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jim Seaman for an interactive session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.